… and get the request URL as second parameter for your callback. Now you can check if the URL contains http://api.wordpress.org/core/version-check/ and change all the values as want cancel the request and send a new one. There is still no way to change just the URL, that’s why I created the patch in the ticket.

WordPress sends version data back to .org when using the .org API (installing/searching/updating) to my knowledge. That data is then collated into chart graphics. You can see the data here. I assume this is also used when plotting the roadmap for environment requirements (i.e. PHP4 > PHP5, MySQL version support, etc...).

Here's a sample of what the .org stats data looks like:

As a side note, it's always imperative that you install plugins from trusted sources. Otto, and the other curators of the plugin directory have done a great job weeding out plugins that use base64+eval to send personal information back to unscrupulous plugin authors. I can guarantee there are some that pop up on a weekly basis in the repository. This applies to themes outside of the .org repo as well.

I've heard talk of creating a plugin review team (similar to the theme review team) that will secure the integrity of the repository in the future. You can join the wp-hackers mailing list and get more information there. That's where these type of discussions really are fleshed out.